No real cons, only positives. If you force your users to authenticate it helps reduce spam. By enabling open_base it forces users to only be able to run scripts in their own directories. They can't access things normally from php/cgi like /usr/bin/gcc. It is just another line of security defense.